Google Docs Used in a Spam Campaign
It seems that today an old spamming technique is back from the dead with a new twist. Google Docs spam is back, but this time the spam is propagated via emails, not the Google Docs sharing feature.
What Phishing Sites Look Like? (Study)
In this post we are going to take a closer look at the current phishing tactics employed in the wild. The trends uncovered by analyzing our new dataset of 5000 recent phishing sites will change the way you think about phishing.
Evolution of the HTTPS lock icon (Infographic)
Since the introduction of HTTPS by Netscape, the lock icon has been the indicator of choice to tell users that their communication is secure. Over the years, the shape and position of this “prestigious” icon kept changing from browser to browser and from version to version, so I made a couple of infographics to illustrate this. I hope you will enjoy them.
How to physically secure your credit card
In this post I want to share with you the two simple steps I came up with to “harden” my credit card security against theft and duplication. In a nutshell, this hardening technique works by removing all the extra information written on the credit card (signature and security code) that is not necessary for it to work and is valuable to an “attacker”.
Tracking users that block cookies with an HTTP redirect
While the standard technique to track users across multiple sites / visits is to use cookies, this is by no means the only way to do it. Last year Samy, with his famous evercookie application, showed that in fact many browser storage mechanisms (Flash, local storage) can be used to store a unique identifier that can act as a cookie.
In this post, I will share with you a new tracking technique (AFAIK) that works even when all the browser storage mechanisms are blocked/disabled. (edit: @theharmonyguy found this article about a somewhat related technique that uses redirects to pass cookies). What makes this technique unique and hard to block is that it does not rely on a storage mechanism or a JavaScript trick but instead abuses the HTTP mechanism used to make shortened URLs work: the HTTP redirect header. Because this tracking technique relies on an HTTP header, it will work even if JavaScript and the browser plug-ins (Flash, Silverlight) are disabled.

